

To: mr.mark who wrote (35940) 8/21/2003 7:31:01 PM
From: Tom Swift
 
August 9, 2003
Microsoft Security Notices: A Double Standard on Spam?
By Larry Seltzer
One of the mailing lists I read carefully is SecurityFocus's excellent Focus-MS list. In the aftermath of Microsoft's disclosure in July of the infamous RPC/DCOM vulnerability and its patch release (known in MS security jargon as MS03-026), an interesting discussion arose on Focus-MS about Microsoft's efforts to publicize the disclosure and patch.

A reader said he had received a broadcast e-mail, apparently from Microsoft, reminding him of the MS03-026 problem and patch. But the message came from windowssecurity@email.microsoft.com. This raised his suspicion, since the details of the message header looked as if the message hadn't originated with Microsoft.

When he and others on the list started investigating the matter further it got even fishier: Surf to email.microsoft.com and you arrive at a page on the site of Digital Impact Inc. According to the page, "Digital Impact is the premier provider of online direct marketing solutions for enterprises. We send permission-based online direct marketing campaigns on behalf of our clients. You may have landed on this page as the result of a server error or an invalid URL." I received the message too, but had immediately deleted it without much scrutiny because I had already applied the patch.

Confusion reigned on the thread for a while, but it didn't take long for someone to find Microsoft's explanation of its relationship with Digital Impact. It seems that Microsoft uses Digital Impact to send out some of their broadcast mail messages. Microsoft's explanation also calls Digital Impact "the premier provider of online direct marketing solutions for enterprises."

Now, Digital Impact has a bit of a reputation though among e-mail and newsgroup administrators. If you read the news.admin.net-abuse.* newsgroups and search for Digital Impact, you'll find a lot of references (and many thanks to Thor Larholm for the reference and other contributions to the thread).

At the same time, other things were wrong with the message. Firstly, it wasn't digitally signed, in violation of Microsoft's own policies; in fact, Microsoft warns users to look for this as a sign of hoax messages.





In addition, the links in the message to the patch site give the appearance of going straight to Microsoft's site, but in fact redirect through a link at email.microsoft.com. It uses some funny code, indicating that Digital Impact is tracking users' response to the message. This is also a major no-no! Here's an example of the code:

<A HREF="http://email.microsoft.com/m/s.asp?HB9706797779X2612303X228387X">
microsoft.com;

A Microsoft rep on the microsoft.public.security newsgroup said the message was not a hoax.

I might be naive here, but I'm inclined to give Microsoft the benefit of the doubt. After all, it is a big company and whoever is in charge of dealing with spam doesn't know about this relationship.

But on the other hand, it's hard to look at Microsoft's description of their relationship with Digital Impact and believe they didn't know who they were dealing with. "THE premier provider of online direct marketing solutions for enterprises"? Sounds like Internet marketer code words for "spammer" to me.

Security Supersite Editor Larry Seltzer has worked in and written about the computer industry since 1983.


security.ziffdavis.com



To: mr.mark who wrote (35940) 8/22/2003 2:26:38 PM
From: Eric L
 
Spybot - S&D Reinstall

mr.mark,

<< have you checked the Spybot forum >>

That turned out to be a good tip.

While it didn't exactly isolate my problem, it encouraged me to uninstall yet once again, and this time to delete the Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\ folder, and download and run the small utility to clean traces of Spybot S&D from the registry.

[the tool that cleans the config file, didn't help]

After doing so, I reinstalled, then updated from the Australian server (couldn't get updates through the others).

Although I have no idea what got corrupted, all is now back to normal.

Thanks.

- Eric -